[wp-trac] [WordPress Trac] #47320: Site Health: Call to API with $_COOKIE and PHPSESSID
WordPress Trac
noreply at wordpress.org
Sun Aug 11 23:27:55 UTC 2019
#47320: Site Health: Call to API with $_COOKIE and PHPSESSID
-------------------------------+------------------------------
Reporter: matthieumota | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Site Health | Version: 5.2
Severity: trivial | Resolution:
Keywords: site-health close | Focuses:
-------------------------------+------------------------------
Changes (by Clorith):
* keywords: site-health => site-health close
Comment:
You are correct that cron events fire a loopback, but it does not rely on
authentication.
The theme and plugin editors perform these kind of checks, and will not
allow your changes to be saved if there is a failure (and is how we found
the session problem in the first place, when many users started having
this issue, the plugins that were adding sessions were updated in those
cases though).
I am leaning towards not leaving session locking active when not needed
being the best approach here, the scenario I describe above is also the
only one I can think of right now where the loopbacks require
authentication, but as mentioned it is also where we saw a noteworthy
amount of users experience issues until plugin changes were made.
I'm going to leave the ticket open for feedback on these points as well,
but have marked it as a candidate for closing soon unless something
special comes up.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47320#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list